Hello, Guest!

Axellio CEO Scott Aken Discusses CMMC, EW & Providing Optimal Cyber Protections to DOD

A mechanical engineer by training, Scott Aken has navigated a fascinating route to his current role as president and CEO of network intelligence provider Axellio. He began his career in the commercial sector during the dot-com boom in the late 1990s, where he worked for the sole domain name company. Cybercriminals who made attempts on his organizationā€™s database inspired him to learn more about protecting digital assets and inspired a now career-long focus on cybersecurity.

This path has included time as a cyber agent at the FBI tracking down and holding bad actors accountable, as well as tours through some of the most notable, large-scale government contractors; a role as vice president of cyber operations at SAIC; a turn as VP of cyber operations at the former L3 Communications (now L3Harris); and nearly a decade at CACI in various positions.

Aken shared his expertise with GovCon Wire in a recent Executive Spotlight interview, during which he talked about overcoming U.S. government delays in progress for cyber and electronic warfare, the challenges of the Department of Defenseā€™s Cybersecurity Maturity Model Certification and more.

Do you think the United Statesā€™ cybersecurity efforts are keeping up with demand? If not, how can we accelerate and broaden cybersecurity?

ā€˜Demandā€™ is certainly an interesting way to look at it. As someone who has been involved in the cybersecurity space for a couple of decades, I’d say we’re no better off today than we were back then. In fact, it’s gotten worse. The U.S. cybersecurity efforts are not keeping up with the demand or the threats we’re facing. Threats have significantly escalated. Our adversaries have evolved from black hat hackers seeking notoriety to causing multi-billion dollar losses with cybercrime and ransomware. We also face significant economic espionage against defense contractors and big businesses, and nation states are testing our critical infrastructure defenses.

You’ve probably read about these threats in the mediaĀ over the past month or so. Additionally, terrorist groups and activists are now part of the mix. As these threats increase, their impacts are also growing. Our country continues to strengthen its dependence on networks and applications, making us incredibly reliant on network connectivity. Almost every electronic device today connects to the Iinternet and receives regular updates, creating a target-rich environment for adversaries. Our threat footprint is expanding significantly every month.

So, how do we get better? How do we stop falling behind in this area? From my perspective, accelerating and broadening our cybersecurity efforts requires better monitoring. We need to monitor all our network traffic. The industry has embraced endpoint security as the primary model for years, but that’s not enough. Twenty years ago, we used the term ā€œdefense in depth,ā€ which referred to a layered approach to security. We monitored everything from the outside to the inside of our networks. However, networks have evolved from one gigabit per second to hundreds of gigabits per second, and the analytical tools from back then can’t keep up.

Today, we’ve resorted to placing sensors at the network edge, hoping to catch adversaries coming in and out. However, threat intelligence and threat hunting reports consistently show that adversaries are still infiltrating networks and setting up camp for months at a time. We need to actively look for threats and anomalies inside our networks, or we’ll be saying the same thing 20 years from now.

What are your thoughts on electronic warfare and how itā€™s changing the defense landscape? How are you seeing contractors respond to new and evolving EW threats?

This is a fascinating space right now. Electronic warfare has always been a critical concept within the Department of Defense. However, during the past two decades of counterterrorism activities, where we dominated the electronic battlefield, we didn’t innovate much. The U.S. relied on decades-old radio frequency jamming techniques, which worked well against the adversaries we faced at the time. But we failed to innovate at a fast enough pace.

Now, our near-peer adversaries have been innovating, and we’re witnessing EW’s significance in the war in Ukraine, with drone warfare and electronic warfare becoming more prevalent and influential. RF has always been at the heart of most military operationsā€”critical for logistics, fire control and troop communications, but its level of visibility and importance has significantly increased.

In mid-2020, the DOD wrote its Electromagnetic Spectrum Superiority Strategy, acknowledging that our dominance in air, land, sea, space and cyberspace is being challenged by near-peer adversaries. The electromagnetic spectrum is now a central focus in maintaining our strategic advantage. The Chinese military, for example, views the EMS as integral to their warfare strategy, aiming to achieve dominance by coordinating cyberspace and electronic warfare to deny the use of the EMS.

Considering the strength and power of the U.S. military, much of it has an electronic signature or relies on some form of communication within the EMS. This brings significant concerns: Can these signatures be tracked, targeted, or taken offline by cyberattacks? Can our drones be tracked, targeted, destroyed, or even turned against us? EW brings these critical issues to the forefront, requiring defense contractors to address them in their software and hardware development for the DOD.

The threats are real, as evidenced by current events. New advancements in AI have further raised the stakes, as AI’s ability to detect and identify RF signatures in near real-time enhances the threat landscape. The DOD is actively implementing new requirements into acquisitions, pushing innovation in signal processing, advanced frequency management algorithms, AI, counter-AI measures and ensuring everything is software-defined. This adaptability is crucial because once a signature is identified, it must be changed quickly to avoid becoming a target. Unlike platforms that take years or even decades to develop, software and frequency changes need to be rapid to keep up with evolving threats. The concept of “software-defined everything” is now incredibly important for every defense contractor, emphasizing the need for flexibility and rapid adaptation in our defense systems.

Where are you seeing the most exciting opportunities to deliver better capabilities to our warfighters today, and how are you harnessing these opportunities?

While the EMS has always been part of the battlefield, its role has dramatically increased in importance over the last five to 10 years. The EMS is incredibly vast, making it challenging to detect adversaries who try to conceal themselves within it. To defend against threats or hide from tools like signature detection algorithms, constant monitoring and real-time analysis of large bandwidths within the EMS are crucial. This task involves ingesting, storing, and analyzing hundreds of gigabits per second, sometimes reaching terabits per secondā€”an astronomical amount of data for most processing systems, especially at the edge where these operations often occur.

To put this into perspective, handling a hundred gigabits per second is akin to streaming 15,000 high-definition Netflix movies simultaneously. Such a data load is beyond the capabilities of typical laptops or standard processing systems. This is where innovative solutions like those from Axellio come into play.

Axellio has revolutionized the storage industry with extreme high-speed, multi-petabyte, simultaneous read-and-write performance storage designed to capture and distribute time-series dataā€”such as RF, video, audio and network data. Our patented technology allows simultaneous reading and writing to disk, a significant advancement that redefines how data collection and analysis are conducted at scale.

For example, using a typical 1U server, we can ingest 100 gigabits per second of data, store it to disk and simultaneously distribute 200 gigabits per second. This capability is unmatched in the industry. In the RF space, we support protocols like raw IQ and VITA 49, enabling simultaneous distribution of incoming data to multiple streams. This means multiple analytic tools can access the data they need without being overwhelmed.

Our innovation essentially creates a gigantic DVR for data, allowing you to rewind, replay and reanalyze data at incredibly high speeds. You can selectively access the data you need without sifting through the entire dataset. If you need to analyze a specific portion of the data, you can jump directly to that segment, similar to skipping to a scene in a movie. This capability transforms how RF data is handled, providing unparalleled efficiency and flexibility in data analysis.

How does the Cybersecurity Maturity Model Certification impact Axellio’s activities, either day-to-day or long-term?

As Axellio produces cybersecurity tools and RF products for the DOD, pursuing CMMC certification is mandatory. Even though we’re in the cyber arena, achieving CMMC certification is still a significant challenge, especially for a small business like ours. The costs of hardware, software and ongoing maintenance are substantial. Keeping everything up-to-date and managing patching is also resource-intensive. Regular testing of all controls and at least one external audit are required, adding to the expenses.

Additionally, the third-party software we use to enhance our overall network security requires constant attention and management. We need highly qualified personnel to manage all these aspects and ensure everything is prioritized appropriately. For a small business, this adds to an already long list of tasks.

Having been in the business for a couple of decades, I believe CMMC is essential for pushing better security controls. I completely agree with the need for improved security. However, the costs imposed by the DOD for CMMC implementation can be counterproductive to their other major push for innovation. According to the DOD, innovation often comes from small businesses. Therefore, the DOD should consider providing funding to these critical companies to help them overcome the challenging and expensive hurdles of CMMC certification.

As a leader, I frequently face business trade-offs. Should I reassign an engineer from working on new innovations to focus on CMMC implementation, or should I keep them on revenue-producing projects? This is a tough decision I regularly have to make. If we don’t pursue CMMC certification, we risk losing revenue from the DOD. But if we focus on CMMC, we might also miss out on revenue because we’re not innovating or producing new products.

This dilemma will likely force many good companies out of business, redirecting work back to large federal systems integrators that have the resources to maintain their certifications. I hope the DOD finds creative ways to support small businesses, ensuring that we can secure innovations properly. We need security, but we also need to balance it with the need for innovation.

Unfortunately, I’m not seeing much discussion about this balance yet. Hopefully, these conversations will start soon to address this critical issue.

Video of the Day